Page 1 of 1

File uploads tutorial Rate Topic: -----

#1 Pilot-Doofy  Icon User is offline

  • New D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 11
  • Joined: 09-October 06

Posted 21 October 2006 - 05:19 PM

When using php for file uploads, there are a few prechecks you need to make sure of. This is perhaps the most important step to ensure that the file upload process is fluently fulfilled. To check to make sure that file uploads are enabled, you can (if possible) reference your server's php.ini file. Check to see if the file_upload directive is set to true, meaning its value is 1. If you are running a version of php which is older than 4.0.3 this directive is not present in the php.ini file.

You may also check the upload_max_filesize and other directives to see the limitations of your file uploads. If you're wanting to limit the filesize with this configuration directive, you can use an integer to represent the maximum filesize or you can use shorthand notation. In integer representation, you specify the maximum filesize (in bytes) that the server should accept. In shorthand notation you can use K, M, and G abbreviations which represent Kilobyte, Megabyte, and Gigabyte, respectively. However, remember that these shorthand notations are only available in php versions 5.1.0 and higher. If you have further questions about these commonly used directives you can consult the php.net file upload configuration help, because it is no longer discussed in this tutorial.

If you know a thing or two about the upload system, you can change the upload_tmp_dir directive. This directive allows you change the path that files are temporarily stored in while being uploaded. If you know about this then you can continue to use it; however, if you aren't familiar with what I'm talking about, don't sweat it because we won't talk about it and nor do we need to discuss it to make this tutorial successful.
: Note: If you are changing this make sure that the directory is writable.

Now that we've looked at some of the configuration precautions, we'll look at the HTML and PHP that makes this very useful tool possible. If you don't know HTML then don't worry about learning it from this tutorial, because I will only discuss the necessary parts of the <form> tag to make the upload system functional.

Here is my example code for upload.html as I have named my file. It doesn't matter what you name your file, just remember it for linking and what not.

upload.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-tr
ansitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>PHP Upload System</title>
</head>
<body>
<form name="file_uploader" action="upload.php" method="post" enctype="multipart/form-data">
<input type="file" name="data"><br />
<input type="submit" name="upload" value="Upload File">
</form>
</body>
</html>


Now, you may notice that the enctype parameter of the <form> tag is set to multipart/form-data. This is the necessary setting for this if you wish to enable file uploads in the HTML form. If you do not have the enctype specified, or it is not set to multipart/form-data, then the upload will not work.

Okay, here comes the juicy part of the tutorial, the PHP code to make the upload work.
upload.php
<?php
# Check to see if the file is accessible
if ( !isset($_FILES['data']['name']) || $_FILES['data']['name'] == '' ) {
die('No input file specified. Please go back and select a file to upload.');
} // End check for file being set

$max_filesize = 999999;
$filetype = 'text/plain';
$upload_path = '/ngbbs/';

# Check to see if the filesize is too large
if ($_FILES['data']['size'] > $max_filesize) {
die('Your filesize is too large. Please make your filesize smaller than ' . $max_filesize . ' bytes.');
} // End if filesize is too large

# Check to see if the filetype is correct
if ($_FILES['data']['type'] != $filetype) {
die('Sorry, your file was not of the ' . $filetype . ' mimetype (yours was ' . $_FILES['data']['type'] . ').');
} // End filetype check

# If file has gotten this far, it is successful

$copy_to = $_SERVER['DOCUMENT_ROOT'] . $upload_path . $_FILES['data']['name'];

# Upload the file
$upload = move_uploaded_file($_FILES['data']['tmp_na
me'], $copy_to);

# Check to see if upload was successful
if (!$upload) {
die('Sorry, your file could not be uploaded.');
}

echo 'Your file contents are below: <hr>' . file_get_contents($copy_to);
?>


Okay, now it's time to explain the pieces of code you see in front of you. The $_FILES (or $HTTP_POST_FILES in long form) superglobal holds the contents of the file that was uploaded just as $_POST (or $HTTP_POST_VARS in long form) and $_GET (or $HTTP_GET_VARS in long form) hold POST and GET variables, respectively. The first key of the array superglobal should be the name of the HTML file field which is being uploaded. In our case, I named the HTML field data so all the calls to $_FILES begin with the data element. Secondly, the other key you are accessing is the information you would like to retrieve about the file.

$_FILES['html_name']['name'] retrieves the file's name on the user's computer
$_FILES['html_name']['size'] retrieves the file's size in bytes
$_FILES['html_name']['type'] retrieves the file's mime type
$_FILES['html_name']['tmp_name'] retrieves the actual file itself

The checks are easy, but the most complicated part of the script is dealing with the upload. The path you are specifying to upload should be a path relative to your server's document root. Make sure that the path you are uploading to is writable, you may want to check CHMOD values.

The move_uploaded_file() function takes two parameters, the original file (being $_FILES['html_name']['tmp_name']) and the path you want to upload it to. This is pretty simple, since the steps are shown in detail in the code itself. This function is only available in versions 4.0.3 and higher. If you are running an older version you may want to use the copy() function instead, which requires identical arguments. The move_uploaded_file() and copy() functions return TRUE if successful and FALSE if unsuccessful. This makes it easy to determine if the file should be retrieved or stored in a database (or however you're managing the uploads) or discarded.

Is This A Good Question/Topic? 1
  • +

Replies To: File uploads tutorial

#2 kcvontop  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 6
  • Joined: 20-April 09

Posted 20 April 2009 - 02:00 PM

I am a beginner in web development. please I need somebody to tell me how to make a folder writable in my local root folder so that I can upload text and images to it. I use WAMP server on windows xp and also how can I create a link to the folder in this code

$upload_path = '/ngbbs/';

$copy_to = $_SERVER['DOCUMENT_ROOT'] . $upload_path . $_FILES['data']['name'];

assuming my files are arranged like this
c://wamp/www/upload
Was This Post Helpful? 0
  • +
  • -

#3 oaluyi  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 67
  • Joined: 04-November 09

Posted 06 November 2009 - 12:01 PM

Please, I want to upload MS-Word document using this code, please how do I specify the type?

if ( !isset($_FILES['data']['name']) || $_FILES['data']['name'] == '' ) {

Thank you.
Was This Post Helpful? 0
  • +
  • -

#4 noorahmad  Icon User is offline

  • Untitled
  • member icon

Reputation: 209
  • View blog
  • Posts: 2,290
  • Joined: 12-March 09

Posted 08 November 2009 - 09:42 PM

try to use $_FILES['data']['type'] for specifying file type :)
Was This Post Helpful? 0
  • +
  • -

#5 nick1200  Icon User is offline

  • Php Coder
  • member icon

Reputation: -19
  • View blog
  • Posts: 922
  • Joined: 21-March 09

Posted 31 December 2009 - 06:33 PM

may i ask ive used this upload script but when i try to upload a 200mb video it times out ( gives up )

ive set the limit to 500 mb so
i think its the time out limit ?
Was This Post Helpful? 0
  • +
  • -

#6 mraldo  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 7
  • Joined: 03-January 10

Posted 03 January 2010 - 01:22 PM

You really ought to also check the file extension as well. Checking the files type is not always the best route to go, as someone could easily upload a PHP script and it be allowed, and then they could execute the script.
Was This Post Helpful? 0
  • +
  • -

#7 kurazi  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 35
  • Joined: 27-March 11

Posted 01 November 2011 - 03:04 PM

I am new to php, and I am running the 2 file off of the server, but for some reason when i test it and click upload, it hangs for a moment, and i get an error, "sorry your file could not be uploaded". I have tried running it on 2 different servers, to which i get the same error. Not sure if there is anything I am missing. I have permission on the folder set to allow everything.

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
 <html xmlns="http://www.w3.org/1999/xhtml">  
 <head>  
 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />  
 <title>PHP Upload System</title>  
 </head>  
 <body>  
 <form name="file_uploader" action="upload_ac.php" method="post" enctype="multipart/form-data">  
 <input type="file" name="data"><br />  
 <input type="submit" name="upload" value="Upload File">  
 </form>  
 </body>  
 </html> 



<?php  

 # Check to see if the file is accessible  
 if ( !isset($_FILES['data']['name']) || $_FILES['data']['name'] == '' ) {  
 	die('No input file specified. Please go back and select a file to upload.');  
 } // End check for file being set  
    
$max_filesize = 999999;  
$filetype = 'text/plain';  
$upload_path = '/upload/';  

 # Check to see if the filesize is too large  
 if ($_FILES['data']['size'] > $max_filesize) {  
 	die('Your filesize is too large. Please make your filesize smaller than ' . $max_filesize . ' bytes.');  
 } // End if filesize is too large   

 # Check to see if the filetype is correct  
 if ($_FILES['data']['type'] != $filetype) {  
 	die('Sorry, your file was not of the ' . $filetype . ' mimetype (yours was ' . $_FILES['data']['type'] . ').');  
 } // End filetype check  

 # If file has gotten this far, it is successful  
 $copy_to = $_SERVER['DOCUMENT_ROOT'] . $upload_path . $_FILES['data']['name'];   

 # Upload the file  
$upload = move_uploaded_file($_FILES['data']['tmp_name'], $copy_to);  

 # Check to see if upload was successful  
 if (!$upload) {  
 die('Sorry, your file could not be uploaded.');  
}    
echo 'Your file contents are below: <hr>' . file_get_contents($copy_to);  
?> 



Was This Post Helpful? 0
  • +
  • -

Page 1 of 1